search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24272
http://www.securityfocus.com/archive/1/422227/100/0/threaded